Documentation
Feedback
Guides
API Reference

Guides
Data Protection PlusChanges in VTEX features behavior to handle PII data
Changes in VTEX features behavior to handle PII data

Closed beta: Data Protection Plus is in closed beta and is only available in select regions.

This feature is part of VTEX Shield, meaning additional fees may apply.

If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact Commercial Support.

If you are not yet a customer but are interested in this solution, please complete our contact form.

This document outlines the changes in the default behavior of certain VTEX features, which apply to stores using Data Protection Plus.

To handle PII data, we provide alternative approaches that are necessary to ensure data privacy best practices. As a result, some commerce features of the VTEX platform require adaptations when implemented by the store.

In this guide, you can learn about the changes you must be aware of when managing your customers' information with the Profile System.

Promotions - Customer cluster

To set up promotions for specific customer clusters in a way that is compatible with the PII data architecture, you must use the piiClusterExpressions field instead of clusterExpressions in Promotions and Taxes API.

Order Management

There are no restrictions to the use of these Order Management features for PII data architecture accounts:

  • Subscriptions
  • VTEX DO
  • Conversation tracker
  • Shipping notifications

However, API requests to /do, /conversationtracker, /subscriptions, and /shipping-tracker paths must include the query parameter reason in order to retrieve unmasked PII information.

Orders API: PII data architecture endpoints

In order to use Orders API, you should adapt your integrations to use new endpoints, for features you may already have implemented in your store, such as retrieving order information or notifying invoices. See the table below to know which endpoints need adaptation and where to find the new reference.

FeaturePrevious endpointNew endpoint (PII data architecture)Payload changed
Get orderGET /api/oms/orders/{orderId}GET /api/orders/pvt/document/{orderId}No
List ordersGET /api/oms/pvt/ordersPOST /api/orders/extendsearch/ordersYes
Start handling orderPOST api/oms/orders/{orderId}/start-handlingPOST /api/orders/pvt/document/{orderId}/actions/start-handlingNo
Cancel orderPOST api/oms/pvt/orders/{orderId}/cancelPOST /api/orders/pvt/document/{orderId}/cancelNo
Order invoice notificationPOST api/oms/orders/{orderId}/invoicePOST api/orders/pvt/document/{orderId}/invoicesYes
Send payment notificationPOST /api/oms/pvt/orders/{orderId}/payments/{paymentId}/payment-notificationPOST /api/orders/pvt/document/{orderId}/payment/{paymentId}/notify-paymentNo

To display the unmasked contact information (contactInformation) with the PII-compliant Get order endpoint, the contactId property must be provided. This property should be available in the Profile System via the Address.

More specifically, the shippingAttachment of the orderForm must contain the contactId that the address is related to. This is sent in the request for Add shipping address and select delivery option, where address.contactId must match the contactInformation[0].id.

Orders Admin interface

The PII rules have also been applied to the Orders List (Beta) and Order details pages. The pages have been adjusted so that:

  • By default, the account will see all data masked.
  • Searches by name only work with the shopper's full name.
  • Searches by document only work with the shopper's full document ID.

It is possible to configure PII preferences on OMS' interface of your VTEX Admin, by following these instructions:

  1. Access the VTEX Admin, go to the Orders menu, then click All Orders.
  2. Click an order on the list.
  3. Under the Customer information card, click PII Preferences.
  4. Select one of the following options to configure how you will view customer's PII and be audited depending on your choice: a. On all orders: View personal information and be audited on all orders. b. This order only: View PII content and be audited on this order only. c. Hide and do not audit: Browse orders without displaying personal information.
  5. Click Confirm.

Subscriptions

The subscription feature is compatible with the PII data architecture.

However, the Subscriptions Admin interface displays only masked PII. If you wish to see unmasked PII, you must use the Subscriptions v3 API endpoints, while sending the reason query parameter. Learn more about retrieving unmasked data.

Message Center

When you edit an email template on the Message Center Admin interface, you can see information about the last email sent from that template, rendered as an email. Currently, all values on the JSON Data will be masked.

Master Data - CL, AD, BK entities

In the PII data architecture, Master Data does not have CL, AD, BK entities. There will be a new isolated system to protect those information, Profile System.

If you are integrated to Master Data API to get any of this data (CL, AD, BK entities) you will need to integrate with the new Profile System API.

Checkout

Although Checkout endpoints that retrieve order information use the same path, they may behave differently. Contracts are the same for masked data, but for complete data, you must include the query parameter: reason. Learn more about retrieving unmasked data.

Payments

In order to be able to view transaction logs, store users must be assigned a role with the resource View Payments Sensitive Data, from the PCI Gateway product in the License Manager. Learn more about License Manager resources and how to Create roles.

Limitations

Master Data

Note that Master Data features may be impacted in the following three aspects.

Triggers

At the moment, triggers are not supported by the PII platform version Profile System.

Orders Index

This is a legacy integration that was deprecated and it should not be used.

CL

Currently, Master Data custom CL fields are not supported.

Pricing - Price tables

The Price tables feature is not supported at this moment.

Order Management

VTEX’s Order Management System is impacted on a few different aspects. See details below.

Call center

You must disable call center impersonation at the License Manager.

Orders Admin interface

The PII rules have also been applied to the Orders List (Beta) and Order details pages. The pages have been adjusted so that:

  • By default, the account will see all data masked.
  • Searches by name only work with the shopper's full name.
  • Searches by document only work with the shopper's full document ID.

It is possible to configure PII preferences on OMS' interface of your VTEX Admin, by following these instructions:

  1. In your VTEX Admin, in the Orders menu, then All Orders.
  2. Click an order on the list.
  3. Under the Customer information card, click PII Preferences.
  4. Select one of the following options to configure how you will view customer's PII and be audited depending on your choice: a. On all orders: View personal information and be audited on all orders. b. This order only: View PII content and be audited on this order only. c. Hide and do not audit: Browse orders without displaying personal information.
  5. Click Confirm.

Subscriptions

The subscription feature is compatible with the PII data architecture.

However, the Subscriptions Admin interface displays only masked PII. If you wish to see unmasked PII, you must use the Subscriptions v3 API endpoints, while sending the reason query parameter. Learn more about retrieving unmasked data.

Message Center

When you edit an email template on the Message Center Admin interface, you can see information about the last email sent from that template, rendered as an email. Currently, all values on the JSON Data will be masked.

Gift card

The gift card feature is not supported for PII platform version accounts yet.

Customer Credit

Currently, the Customer Credit feature is not supported.

Contributors
1
Photo of the contributor
+ 1 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
See also
PII Data Architecture specifications
Guides
Data residency
Guides
Profile System integration
Guides
Limitations of the PII data architecture during closed beta
Guides
Data Protection Plus
Guides
Contributors
1
Photo of the contributor
+ 1 contributors
On this page